Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91738 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Please help. Need to remove tavo.exe, kavo.exe, cc.exe


  • This topic is locked This topic is locked
33 replies to this topic

#1 MinnieGrlC

MinnieGrlC

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 02 April 2008 - 05:46 PM

I recently started having error messages relating to tavo.exe, kavo.exe, cc.exe, ff.exe. I've tried everything to get rid of it, including reformatting my computer numerous times and using many different antivirus programs. I think that the problem has spread to an external hard drive that I used to back up my files, because after reformatting the problems start after I connect the external hard drive to my desktop. PLEASE HELP. Thank you. I have run Hijack This and here are the results.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:13 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CheckHO Class - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1207162649530
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1207162641873
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5663 bytes

Edited by MinnieGrlC, 02 April 2008 - 09:08 PM.

    Advertisements

Register to Remove


#2 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 03 April 2008 - 04:04 AM

Hi! Welcome to the forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient.

Please keep the external drive connected throughout the course of fixing.

Please make a uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.
You too could train to help others- Join the Classroom

Posted Image


Posted Image

Posted Image

#3 MinnieGrlC

MinnieGrlC

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 03 April 2008 - 02:27 PM

Hi Scotty, Thanks again so much for your help! It is definitely appreciated. Here is the uninstall list from HiJack This. Adobe Acrobat 5.0 AIM 6 DVgate Experience Vaio HijackThis 2.0.2 ImageStation Demo ImageStation Tour Lucent Technologies Soft Modem AMR Microsoft Office 2000 Premium Motion JPEG Software Decoder MovieShaker 3.3 Mozilla Firefox (2.0.0.13) Music Visualizer Library 1.4.00 Network Smart Capture NVIDIA Windows 2000/XP Display Drivers OpenMG Secure Module 3.1 PicoPlayer PicoPlayer Demo PicoPlayerSplashScreen PictureGear Studio 1.0 Quicken 2002 New User Edition RealOne Player RealProducer Basic 8.5 Samsung ML-2010 Series Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB938127) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944533) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB946026) SiS Compatible VGA V2.09a SonicStage 1.5.00 Sony Certificate PCH Sony DV Shared Library Sony on Yahoo! Essentials Support Actions WinXP Trend Micro AntiVirus Trend Micro AntiVirus Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB930916) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB942840) VAIO Action Setup VAIO Brezza Wallpaper VAIO Grid Wallpaper VAIO Help & Support VAIO Media 2.0 VAIO Media Installer 2.0 VAIO Media Music Server 2.0 VAIO Media Photo Server 2.0 VAIO Media Platform 2.0 VAIO Registration VAIO Serenus Wallpaper VAIO Support Viewpoint Media Player Windows Installer 3.1 (KB893803) Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Service Pack 2

Edited by MinnieGrlC, 03 April 2008 - 04:13 PM.


#4 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 04 April 2008 - 03:32 AM

Hi

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto‑updating for the Viewpoint Manager ‑‑ the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight Viewpoint Media Player , click Remove.



If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

There is a tutorial on the basic use of Combofix here:
http://www.bleepingc...to-use-combofix


Please download Combofix from Bleeping Computer.

If you can't download it from there, please try these 2 alternative sites:

Forospyware
Geeks to Go

  • Save it to your Desktop.
  • Disconnect from the Internet, than disable your anti-virus and any real-time anti-spyware monitors that are running.
  • Click Start>Run copy/paste or type "%userprofile%\desktop\combofix.exe" /killall into the Run box and click OK.
  • When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



In your next reply post:
ComboFix.txt
New HijackThis log taken after the above scan has run

You too could train to help others- Join the Classroom

Posted Image


Posted Image

Posted Image

#5 MinnieGrlC

MinnieGrlC

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 04 April 2008 - 03:21 PM

Hi Scotty,

I did as you said, here are the two logs. Thanks again.

COMBOFIX LOG

ComboFix 08-04-03.5 - X 2008-04-04 17:10:38.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.150 [GMT -4:00]
Running from: C:\Documents and Settings\X\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-03 17:25 . 2008-04-03 17:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-03 17:25 . 2008-04-03 17:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-03 17:24 . 2008-04-03 17:24 <DIR> d-------- C:\Documents and Settings\X\Application Data\Apple Computer
2008-04-03 17:22 . 2008-04-03 18:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-03 17:21 . 2008-04-03 18:11 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-02 22:41 . 2006-08-21 05:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-02 22:41 . 2006-08-21 05:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-02 22:41 . 2006-08-21 08:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-02 21:36 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-02 20:58 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-02 20:58 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-02 20:20 . 2008-04-04 16:18 81,408 -r-hs---- C:\WINDOWS\system32\tavo0.dll
2008-04-02 20:05 . 2008-04-02 22:42 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-02 18:50 . 2008-04-02 18:55 115,328 -r-hs---- C:\i0.cmd
2008-04-02 18:48 . 2004-08-04 02:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-02 18:13 . 2008-04-02 18:13 376 --a------ C:\WINDOWS\ODBC.INI
2008-04-02 18:11 . 2008-04-02 18:11 <DIR> d-------- C:\WINDOWS\ShellNew
2008-04-02 18:09 . 2008-04-02 18:09 <DIR> d-------- C:\Documents and Settings\X\Application Data\Microsoft Web Folders
2008-04-02 17:51 . 2004-08-04 02:07 59,264 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys
2008-04-02 17:51 . 2004-08-04 02:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-02 17:51 . 2004-08-04 02:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-02 17:51 . 2004-08-04 03:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-02 17:51 . 2001-08-17 17:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-02 16:55 . 2008-02-16 01:07 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-02 16:55 . 2008-02-16 01:07 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-04-02 16:55 . 2008-02-16 01:07 52,240 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-04-02 16:54 . 2008-04-02 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-02 16:43 . 2003-02-28 19:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-04-02 16:30 . 2008-04-02 16:41 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-04-02 16:29 . 2008-04-02 16:29 <DIR> d-------- C:\WINDOWS\provisioning
2008-04-02 16:29 . 2008-04-02 16:29 <DIR> d-------- C:\WINDOWS\peernet
2008-04-02 16:26 . 2008-04-02 16:26 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-02 16:22 . 2005-06-28 11:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-02 16:19 . 2008-04-02 16:19 <DIR> d-------- C:\WINDOWS\EHome
2008-04-02 16:13 . 2004-08-04 01:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-04-02 16:13 . 2004-08-02 15:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-04-02 16:13 . 2004-08-02 15:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-04-02 16:00 . 2008-04-02 16:00 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-02 15:59 . 2008-04-02 15:59 <DIR> d-------- C:\Documents and Settings\X\Application Data\acccore
2008-04-02 15:59 . 2004-08-04 03:56 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2008-04-02 15:59 . 2004-08-04 03:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-04-02 15:59 . 2004-08-04 03:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-04-02 15:59 . 2004-08-04 03:56 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-04-02 15:59 . 2004-08-04 03:56 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-04-02 15:59 . 2008-04-02 15:59 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-02 15:58 . 2008-04-04 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-02 15:58 . 2008-04-02 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-04-02 15:58 . 2008-04-02 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-04-02 15:57 . 2008-04-02 15:57 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-04-02 14:57 . 2008-04-02 15:59 <DIR> d-------- C:\Program Files\AIM6
2008-04-02 14:57 . 2008-04-02 14:57 <DIR> d---s---- C:\Documents and Settings\X\UserData
2008-04-02 14:56 . 2008-04-02 14:56 <DIR> d-------- C:\Program Files\Samsung ML-2010 Series
2008-04-02 14:56 . 2005-03-14 01:01 766 --------- C:\WINDOWS\Uninstall.ico
2008-04-02 14:55 . 2008-04-02 14:56 <DIR> d-------- C:\WINDOWS\Samsung
2008-04-02 14:55 . 2005-03-14 01:01 208,896 --------- C:\WINDOWS\system32\SSRemove.exe
2008-04-02 14:55 . 2005-03-03 00:32 151,552 --a------ C:\WINDOWS\system32\SSCoInst.exe
2008-04-02 14:55 . 2005-03-03 06:09 57,344 --a------ C:\WINDOWS\system32\SSCoInst.dll
2008-04-02 14:55 . 2005-03-14 01:01 41,984 --------- C:\WINDOWS\system32\drivers\DGIVECP.SYS
2008-04-02 14:55 . 2005-04-07 22:29 20,622 --a------ C:\WINDOWS\system32\SUGS2LMK.DLL
2008-04-02 14:55 . 2005-03-14 01:01 8,478 --------- C:\WINDOWS\system32\SP119.ICO
2008-04-02 14:55 . 2005-03-03 07:23 604 --a------ C:\WINDOWS\system32\SUGS2LMK.SMT
2008-04-02 14:53 . 2008-04-02 14:53 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-02 14:53 . 2002-08-03 12:17 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-04-02 14:53 . 2002-08-03 12:17 <DIR> d-------- C:\Documents and Settings\X\WINDOWS
2008-04-02 14:53 . 2002-08-15 13:32 <DIR> d-------- C:\Documents and Settings\X\Application Data\Sony Corporation
2008-04-02 14:53 . 2002-08-15 13:30 <DIR> d-------- C:\Documents and Settings\X\Application Data\InterTrust
2008-04-02 14:53 . 2002-08-03 12:17 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 22:05 --------- d-----w C:\Program Files\QuickTime
2008-04-03 00:08 --------- d-----w C:\Program Files\Trend Micro
2008-04-02 22:09 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-02 18:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 05:07 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2008-02-16 05:07 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-02-16 05:07 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-02-16 05:07 1,126,072 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-04-26 20:17 102400]
"SiS Tray"="" []
"SiS KHooker"="C:\WINDOWS\System32\khooker.exe" [ ]
"LTSMMSG"="LTSMMSG.exe" [2002-07-20 12:22 32768 C:\WINDOWS\LTSMMSG.exe]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-07-03 20:17 40960]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe" [2002-08-15 13:44 146432]
"ZTgServerSwitch"="c:\program files\support.com\client\lserver\server.vbs" [2002-07-14 15:50 11406]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 03:20 372736]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-26 15:19 1398024]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-03-21 21:00:00 65588]
VAIO Action Setup (Server).lnk - C:\Program Files\Sony\VAIO Action Setup\VAServ.exe [2002-08-15 13:26:39 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\DVLib\sonydv.dll
"VIDC.MJPG"= sonymjpg.dll
"msacm.atrac3"= atrac3.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=

R3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2002-07-20 12:22]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 18:53:13 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-04-02 18:53:14 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-04-02 18:53:14 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 17:13:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-04 17:16:23
ComboFix-quarantined-files.txt 2008-04-04 21:16:12
Pre-Run: 11,931,611,136 bytes free
Post-Run: 11,921,227,776 bytes free
.
2008-04-03 02:48:08 --- E O F ---

HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:57 PM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CheckHO Class - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1207162649530
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1207162641873
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

--
End of file - 5764 bytes

#6 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 05 April 2008 - 03:07 AM

Hi

We now suggest that you install the Windows Recovery Console. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System, which in your case is SP2

XP Media Centre is based upon XP Professional

Posted Image


Download the file & save it as it's originally named, next to ComboFix.exe.

Posted Image

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.
You too could train to help others- Join the Classroom

Posted Image


Posted Image

Posted Image

#7 MinnieGrlC

MinnieGrlC

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 05 April 2008 - 04:58 PM

Hi Scotty, Here is the Combofix log. WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

#8 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 06 April 2008 - 06:24 AM

Hi

Remember to disconnect from the Internet before carrying out the next instruction, and to save the following script before you do.


Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text with your mouse and pressing Ctrl+C

KillAll::
 
File::
C:\WINDOWS\system32\tavo0.dll
C:\i0.cmd
C:\WINDOWS\WMSysPr9.prx

Folder::
C:\Documents and Settings\All Users\Application Data\Viewpoint

DirLook::
C:\WINDOWS\system32\config\systemprofile\WINDOWS
C:\Documents and Settings\Default User\WINDOWS

Go to the Notepad window and click Edit > Paste
Then click File > Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

Posted Image


Refering to the picture above, drag CFScript into ComboFix.exe

In your next reply post:
ComboFix.txt
New HijackThis log taken after the above scan has run

You too could train to help others- Join the Classroom

Posted Image


Posted Image

Posted Image

#9 MinnieGrlC

MinnieGrlC

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 06 April 2008 - 08:25 AM

Hi Scotty,

Here are the logs

COMBOFIX LOG

ComboFix 08-04-04.1 - X 2008-04-06 10:09:30.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.173 [GMT -4:00]
Running from: C:\Documents and Settings\X\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\X\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\i0.cmd
C:\WINDOWS\system32\tavo0.dll
C:\WINDOWS\WMSysPr9.prx
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\i0.cmd
C:\WINDOWS\system32\tavo0.dll
C:\WINDOWS\WMSysPr9.prx

.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-03 17:25 . 2008-04-03 17:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-03 17:25 . 2008-04-03 17:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-03 17:24 . 2008-04-03 17:24 <DIR> d-------- C:\Documents and Settings\X\Application Data\Apple Computer
2008-04-03 17:22 . 2008-04-03 18:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-03 17:21 . 2008-04-03 18:11 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-02 22:41 . 2006-08-21 05:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-02 22:41 . 2006-08-21 05:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-02 22:41 . 2006-08-21 08:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-02 21:36 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-02 20:58 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-02 20:58 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-02 20:05 . 2008-04-02 22:42 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-02 18:48 . 2004-08-04 02:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-02 18:13 . 2008-04-02 18:13 376 --a------ C:\WINDOWS\ODBC.INI
2008-04-02 18:11 . 2008-04-02 18:11 <DIR> d-------- C:\WINDOWS\ShellNew
2008-04-02 18:09 . 2008-04-02 18:09 <DIR> d-------- C:\Documents and Settings\X\Application Data\Microsoft Web Folders
2008-04-02 17:51 . 2004-08-04 02:07 59,264 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys
2008-04-02 17:51 . 2004-08-04 02:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-02 17:51 . 2004-08-04 02:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-02 17:51 . 2004-08-04 03:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-02 17:51 . 2001-08-17 17:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-02 16:55 . 2008-02-16 01:07 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-02 16:55 . 2008-02-16 01:07 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-04-02 16:55 . 2008-02-16 01:07 52,240 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-04-02 16:54 . 2008-04-02 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-02 16:43 . 2003-02-28 19:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-04-02 16:29 . 2008-04-02 16:29 <DIR> d-------- C:\WINDOWS\provisioning
2008-04-02 16:29 . 2008-04-02 16:29 <DIR> d-------- C:\WINDOWS\peernet
2008-04-02 16:26 . 2008-04-02 16:26 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-02 16:22 . 2005-06-28 11:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-02 16:19 . 2008-04-02 16:19 <DIR> d-------- C:\WINDOWS\EHome
2008-04-02 16:13 . 2004-08-04 01:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-04-02 16:13 . 2004-08-02 15:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-04-02 16:13 . 2004-08-02 15:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-04-02 16:00 . 2008-04-02 16:00 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-02 15:59 . 2008-04-02 15:59 <DIR> d-------- C:\Documents and Settings\X\Application Data\acccore
2008-04-02 15:59 . 2004-08-04 03:56 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2008-04-02 15:59 . 2004-08-04 03:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-04-02 15:59 . 2004-08-04 03:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-04-02 15:59 . 2004-08-04 03:56 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-04-02 15:59 . 2004-08-04 03:56 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-04-02 15:59 . 2008-04-02 15:59 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-02 15:58 . 2008-04-02 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-04-02 15:58 . 2008-04-02 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-04-02 15:57 . 2008-04-02 15:57 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-04-02 14:57 . 2008-04-02 15:59 <DIR> d-------- C:\Program Files\AIM6
2008-04-02 14:57 . 2008-04-02 14:57 <DIR> d---s---- C:\Documents and Settings\X\UserData
2008-04-02 14:56 . 2008-04-02 14:56 <DIR> d-------- C:\Program Files\Samsung ML-2010 Series
2008-04-02 14:56 . 2005-03-14 01:01 766 --------- C:\WINDOWS\Uninstall.ico
2008-04-02 14:55 . 2008-04-02 14:56 <DIR> d-------- C:\WINDOWS\Samsung
2008-04-02 14:55 . 2005-03-14 01:01 208,896 --------- C:\WINDOWS\system32\SSRemove.exe
2008-04-02 14:55 . 2005-03-03 00:32 151,552 --a------ C:\WINDOWS\system32\SSCoInst.exe
2008-04-02 14:55 . 2005-03-03 06:09 57,344 --a------ C:\WINDOWS\system32\SSCoInst.dll
2008-04-02 14:55 . 2005-03-14 01:01 41,984 --------- C:\WINDOWS\system32\drivers\DGIVECP.SYS
2008-04-02 14:55 . 2005-04-07 22:29 20,622 --a------ C:\WINDOWS\system32\SUGS2LMK.DLL
2008-04-02 14:55 . 2005-03-14 01:01 8,478 --------- C:\WINDOWS\system32\SP119.ICO
2008-04-02 14:55 . 2005-03-03 07:23 604 --a------ C:\WINDOWS\system32\SUGS2LMK.SMT
2008-04-02 14:53 . 2008-04-02 14:53 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-02 14:53 . 2002-08-03 12:17 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-04-02 14:53 . 2002-08-03 12:17 <DIR> d-------- C:\Documents and Settings\X\WINDOWS
2008-04-02 14:53 . 2002-08-15 13:32 <DIR> d-------- C:\Documents and Settings\X\Application Data\Sony Corporation
2008-04-02 14:53 . 2002-08-15 13:30 <DIR> d-------- C:\Documents and Settings\X\Application Data\InterTrust
2008-04-02 14:53 . 2002-08-03 12:17 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 22:05 --------- d-----w C:\Program Files\QuickTime
2008-04-03 00:08 --------- d-----w C:\Program Files\Trend Micro
2008-04-02 22:09 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-02 18:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 05:07 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2008-02-16 05:07 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-02-16 05:07 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-02-16 05:07 1,126,072 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\Default User\WINDOWS ----


---- Directory of C:\WINDOWS\system32\config\systemprofile\WINDOWS ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-04-26 20:17 102400]
"SiS Tray"="" []
"SiS KHooker"="C:\WINDOWS\System32\khooker.exe" [ ]
"LTSMMSG"="LTSMMSG.exe" [2002-07-20 12:22 32768 C:\WINDOWS\LTSMMSG.exe]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-07-03 20:17 40960]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe" [2002-08-15 13:44 146432]
"ZTgServerSwitch"="c:\program files\support.com\client\lserver\server.vbs" [2002-07-14 15:50 11406]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 03:20 372736]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-26 15:19 1398024]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-03-21 21:00:00 65588]
VAIO Action Setup (Server).lnk - C:\Program Files\Sony\VAIO Action Setup\VAServ.exe [2002-08-15 13:26:39 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\DVLib\sonydv.dll
"VIDC.MJPG"= sonymjpg.dll
"msacm.atrac3"= atrac3.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=

R3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2002-07-20 12:22]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 18:53:13 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-04-02 18:53:14 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-04-02 18:53:14 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 10:15:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\System32\WScript.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-06 10:21:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 14:21:12
ComboFix2.txt 2008-04-04 21:16:24
Pre-Run: 11,833,360,384 bytes free
Post-Run: 11,824,472,064 bytes free
.
2008-04-03 02:48:08 --- E O F ---

HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:47 AM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CheckHO Class - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1207162649530
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1207162641873
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

--
End of file - 5591 bytes

#10 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 06 April 2008 - 09:46 AM

Hi

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.

    Posted Image


Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here with a new HijackThis log, and let me know if you are still having any problems.

You too could train to help others- Join the Classroom

Posted Image


Posted Image

Posted Image

    Advertisements

Register to Remove


#11 MinnieGrlC

MinnieGrlC

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 06 April 2008 - 06:00 PM

Hi Scotty,

Here are the logs. Let me know if there are more steps I need to do, or if the problem has been fixed. If it has been fixed, is it now OK for me to connect my external to my laptop and other computers? Thanks so much!

MALWAREBYTES LOG

Malwarebytes' Anti-Malware 1.10
Database version: 595

Scan type: Full Scan (A:\|C:\|D:\|E:\|H:\|)
Objects scanned: 99822
Time elapsed: 1 hour(s), 20 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:07 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CheckHO Class - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1207162649530
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1207162641873
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

--
End of file - 5718 bytes

#12 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 07 April 2008 - 04:25 AM

Hi

Congratulations, you appear to be malware free. :woot:

Malwarebytes Anti-Malware is a good program to keep. If you wish to keep it, use it to do a quick scan once a week and keep it updated.
Remember, only the paid for version offers real-time protection

Here is another free program I recommend.

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here


Make sure your Windows is ALWAYS up to date!

An unpatched Windows is vulnerable and even with the "best" Antivirus and Firewall installed, malware will find its way through.
So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"

Here is some great information from experts in this field that will help you stay clean and safe online.
http://forum.malware...wtopic.php?t=14

Follow this list and your potential for being infected again will reduce dramatically.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
You too could train to help others- Join the Classroom

Posted Image


Posted Image

Posted Image

#13 MinnieGrlC

MinnieGrlC

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 07 April 2008 - 09:42 AM

Hi Scotty, Thanks so much for your help :D. My last and final question is to double check that it is OK for me to hook up my external to other computers/laptops. If it is, then you may go ahead and close the thread. Thank you again!

#14 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 07 April 2008 - 10:16 AM

Unless you feel they maybe are infected and would like me to check them over one by one first, they should be ok to hook up.
You too could train to help others- Join the Classroom

Posted Image


Posted Image

Posted Image

#15 MinnieGrlC

MinnieGrlC

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 07 April 2008 - 05:36 PM

Hi Scotty, I just reformatted my laptop, so I know it is not infected. I'm pretty sure that my external hard drive was infected, but I kept that hooked up to the computer you just helped me with throughout the whole process. My question is whether that means my external hard drive is now also malware free like my desktop. Thank you.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users